# Account Abstraction (ERC-4337) Implementation in a Mobile Crypto Wallet

ERC-4337 radically changes the UX of crypto wallets: instead of the user storing a seed phrase and paying gas in ETH personally, transactions are packed into a UserOperation, sent via a Bundler, and gas is paid by a Paymaster, a third party. For a mobile app this means web2-like UX: Face ID login, gasless transactions, recovery via a social account.
## ERC-4337 Components and Their Role in the Mobile Client

**Smart Account.** Instead of an EOA (Externally Owned Account), the user gets a smart contract wallet (SimpleAccount, SafeAccount, LightAccount from Alchemy, Kernel from ZeroDev). The contract address is deterministic via CREATE2 and can be computed before deployment. The mobile client stores the ownerPrivateKey (signer key) in the Secure Enclave (iOS) / Android Keystore, not the wallet itself.

**EntryPoint contract** (v0.6: 0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789, the same address on all EVM networks): a global singleton that accepts UserOperation[] from Bundlers.

**Bundler**: a node that collects UserOperations from the alt-mempool, simulates them, and packs them into a normal on-chain transaction. SDKs for working with bundlers: @alchemy/aa-core, permissionless.js, viem/account-abstraction (viem 2.x). In the mobile app the bundler is an HTTP endpoint to which the client sends eth_sendUserOperation.

**Paymaster**: an optional contract that sponsors gas. A Verifying Paymaster signs the payment permission server-side; an ERC-20 Paymaster allows paying gas in USDC. In the mobile client: before sending the UserOperation, request pm_sponsorUserOperation from the Paymaster API (Alchemy, Pimlico, Biconomy).
## Mobile App Implementation

**UserOperation signing.** The smart account verifies the signature via isValidSignature (ERC-1271). The owner (owner EOA) signs. On iOS: SecKeyCreateSignature with kSecKeyAlgorithmECDSASignatureMessageX962SHA256 via the Secure Enclave (the key never leaves the chip). On Android: KeyPairGenerator with the AndroidKeyStore provider, signing via Signature.getInstance("SHA256withECDSA"). Caveat: both the Secure Enclave and hardware-backed Android Keystore keys produce P-256 (secp256r1) signatures, not secp256k1, so the smart account's validation must verify P-256 (for example via the RIP-7212 precompile or an on-chain P-256 verifier) rather than relying on ecrecover.

**Biometric authentication before signing**: LocalAuthentication (iOS) / BiometricPrompt (Android). The private key is accessible only after biometric verification: the key is created with kSecAccessControlBiometryCurrentSet (iOS) or setUserAuthenticationRequired(true) (Android Keystore).

**UserOperation structure and gas estimation.** The fields callGasLimit, verificationGasLimit and preVerificationGas must be estimated before sending. The bundler provides eth_estimateUserOperationGas; call it before showing the user the gas amount. Pimlico and Alchemy Gas Manager automate this. Without proper estimation the bundler rejects the operation with AA21 didn't pay prefund.
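The prefund rule behind that AA21 rejection, as an added example (this is not code from the page or from any of the SDKs it names): EntryPoint v0.6 reserves `callGasLimit + verificationGasLimit * mul + preVerificationGas` gas at `maxFeePerGas`, with `mul = 3` when a paymaster is present and `1` otherwise, and whoever pays (the account or the paymaster) must have that much on deposit. All gas values, fees and the placeholder paymaster address below are constructed sample data.

```typescript
// Added example, not code from the page or from any SDK it names: the prefund
// rule EntryPoint v0.6 applies before it will execute a UserOperation.
// All numbers below are constructed sample values.

type Hex = `0x${string}`;

/** The v0.6 UserOperation fields that decide how much the operation must prepay. */
export interface UserOpGasFields {
  callGasLimit: bigint;
  verificationGasLimit: bigint;
  preVerificationGas: bigint; // on OP-stack L2s the bundler folds the L1 data fee in here
  maxFeePerGas: bigint;
  paymasterAndData: Hex; // "0x" when the account pays its own gas
}

/** True when paymasterAndData carries at least a 20-byte paymaster address. */
export function hasPaymaster(op: UserOpGasFields): boolean {
  return op.paymasterAndData.length >= 2 + 40;
}

/**
 * EntryPoint v0.6 _getRequiredPrefund: with a paymaster, verificationGasLimit is
 * reserved three times (account validation, paymaster validation, postOp);
 * without one, once. The result is in wei.
 */
export function requiredPrefund(op: UserOpGasFields): bigint {
  const mul = hasPaymaster(op) ? 3n : 1n;
  const gas = op.callGasLimit + op.verificationGasLimit * mul + op.preVerificationGas;
  return gas * op.maxFeePerGas;
}

export interface PrefundVerdict {
  ok: boolean;
  payer: "account" | "paymaster";
  required: bigint;
  shortfall: bigint;
  error?: "AA21 didn't pay prefund" | "AA31 paymaster deposit too low";
}

/**
 * Pre-flight check a wallet can run before eth_sendUserOperation, mirroring the
 * two EntryPoint reverts a bundler surfaces: AA21 when the account itself cannot
 * cover the prefund, AA31 when the paymaster's deposit cannot.
 * accountFunds is what the account has on deposit in EntryPoint plus any ETH it
 * can transfer during validateUserOp; paymasterDeposit is the paymaster's stake.
 */
export function checkPrefund(
  op: UserOpGasFields,
  accountFunds: bigint,
  paymasterDeposit: bigint,
): PrefundVerdict {
  const required = requiredPrefund(op);
  const payer = hasPaymaster(op) ? "paymaster" : "account";
  const available = payer === "paymaster" ? paymasterDeposit : accountFunds;
  const shortfall = available >= required ? 0n : required - available;
  const verdict: PrefundVerdict = { ok: shortfall === 0n, payer, required, shortfall };
  if (!verdict.ok) {
    verdict.error = payer === "paymaster" ? "AA31 paymaster deposit too low" : "AA21 didn't pay prefund";
  }
  return verdict;
}

// Constructed sample: a transfer-sized op at 2 gwei, first self-paid, then sponsored.
export const sampleOp: UserOpGasFields = {
  callGasLimit: 100_000n,
  verificationGasLimit: 50_000n,
  preVerificationGas: 21_000n,
  maxFeePerGas: 2_000_000_000n,
  paymasterAndData: "0x",
};

export const sponsoredOp: UserOpGasFields = {
  ...sampleOp,
  // 20-byte placeholder paymaster address followed by an empty payload
  paymasterAndData: ("0x" + "11".repeat(20)) as Hex,
};
```

Run `checkPrefund(sampleOp, accountFunds, 0n)` after `eth_estimateUserOperationGas` returns and before the UserOperation is shown to the user: a non-zero `shortfall` means the top-up or paymaster sponsorship has to happen first, otherwise the bundler will return the AA21/AA31 error instead of a hash.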
**Session Keys.** ERC-4337 allows delegating limited signing rights. Example: a mobile game requests a session key with a 5 USDC per-transaction spending limit; the user signs once, and subsequent in-game micro-transactions proceed without confirmation. Implement via ISessionKeyPlugin (ERC-6900) or its equivalent in Kernel (ZeroDev).
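The policy side of such a session key, as an added example that is not code from the page, from ZeroDev Kernel or from any ERC-6900 plugin: before the delegated key's signature counts, the validator checks the signer, expiry, allowed target and function, the per-transaction cap and a cumulative cap, and fails closed on anything else. It goes slightly beyond the text by adding the session-wide total and an allowed selector, which are the usual companions of a per-transaction limit. Amounts are USDC base units (6 decimals); the addresses, timestamps and the `gameCall` helper are constructed placeholders.

```typescript
// Added example; not code from the page, ZeroDev Kernel or an ERC-6900 plugin.
// Models the policy a session-key validator enforces on each call before the
// delegated key's signature is considered. Amounts are USDC base units
// (6 decimals); addresses, selector usage and timestamps are constructed.

type Address = `0x${string}`;
type Selector = `0x${string}`; // 4-byte function selector

export interface SessionKeyPolicy {
  sessionKey: Address;      // delegated signer the user approved once
  allowedTarget: Address;   // only this contract may be called
  allowedSelector: Selector;
  perTxLimit: bigint;       // cap per UserOperation
  totalLimit: bigint;       // cap over the session's lifetime
  validUntil: number;       // unix seconds; the key is dead after this
}

export interface SessionCall {
  signer: Address;
  target: Address;
  selector: Selector;
  amount: bigint;
  now: number;
}

export interface SessionState { spent: bigint }

export type PolicyResult = { ok: true } | { ok: false; reason: string };

/** Convert a human USDC amount to 6-decimal base units. */
export function usdc(n: number): bigint {
  return BigInt(Math.round(n * 1_000_000));
}

/**
 * Validate one call against the policy. On success the cumulative spend is
 * recorded, so the total cap is enforced across calls, not just per call.
 * Every check fails closed: anything not explicitly allowed is rejected.
 */
export function checkSessionCall(policy: SessionKeyPolicy, state: SessionState, call: SessionCall): PolicyResult {
  if (call.signer.toLowerCase() !== policy.sessionKey.toLowerCase()) {
    return { ok: false, reason: "signer is not the session key" };
  }
  if (call.now > policy.validUntil) {
    return { ok: false, reason: "session key expired" };
  }
  if (call.target.toLowerCase() !== policy.allowedTarget.toLowerCase()) {
    return { ok: false, reason: "target not allowed" };
  }
  if (call.selector.toLowerCase() !== policy.allowedSelector.toLowerCase()) {
    return { ok: false, reason: "function not allowed" };
  }
  if (call.amount > policy.perTxLimit) {
    return { ok: false, reason: "per-transaction limit exceeded" };
  }
  if (state.spent + call.amount > policy.totalLimit) {
    return { ok: false, reason: "session total limit exceeded" };
  }
  state.spent += call.amount;
  return { ok: true };
}

// Constructed sample: the game's session key may spend up to 5 USDC per call and
// 20 USDC in total, only via ERC-20 transfer on one contract, for 24 hours.
export const SESSION_KEY: Address = ("0x" + "11".repeat(20)) as Address;
export const GAME_CONTRACT: Address = ("0x" + "ab".repeat(20)) as Address;
export const TRANSFER_SELECTOR: Selector = "0xa9059cbb"; // transfer(address,uint256)
export const SESSION_START = 1_700_000_000; // constructed unix timestamp

export const samplePolicy: SessionKeyPolicy = {
  sessionKey: SESSION_KEY,
  allowedTarget: GAME_CONTRACT,
  allowedSelector: TRANSFER_SELECTOR,
  perTxLimit: usdc(5),
  totalLimit: usdc(20),
  validUntil: SESSION_START + 24 * 60 * 60,
};

/** Hypothetical helper: a call from the session key to the game contract. */
export function gameCall(amount: bigint, now = SESSION_START, overrides: Partial<SessionCall> = {}): SessionCall {
  return { signer: SESSION_KEY, target: GAME_CONTRACT, selector: TRANSFER_SELECTOR, amount, now, ...overrides };
}
```

The order of checks matters for what the user sees: identity and expiry are rejected before any spending arithmetic, so an expired or foreign key never learns how much budget remains.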
**Social Recovery.** The smart account can support recovery via guardians, trusted addresses (e.g., email recovery via ZeroDev Email Recovery, or phone via social login through Web3Auth). The user loses the key → appeals to the guardians → after a timelock (usually 48h) receives a new owner. For mobile UX: a "Recovery" section in the app where the user adds guardians and sets the threshold.
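The guardian / threshold / timelock flow just described, as an added example that is not code from the page or from ZeroDev's recovery module: guardians vote for a candidate owner, the 48h timelock starts only once the threshold is reached, anyone may execute after it elapses, and the current owner can veto during the delay (the case where the key turns out not to be lost, or the guardians are colluding). Addresses are constructed placeholders and time is an explicit parameter so the delay can be exercised offline.

```typescript
// Added example; not code from the page or from ZeroDev's recovery module.
// Models the guardian / threshold / timelock state machine a recovery-capable
// smart account runs. Addresses are constructed placeholders; time is passed in
// explicitly so the 48h delay can be tested without waiting.

type Address = `0x${string}`;

export const RECOVERY_DELAY_SECONDS = 48 * 60 * 60; // the usual 48h timelock

export interface RecoveryRequest {
  newOwner: Address;
  approvals: Set<Address>;
  executableAt?: number; // set once the threshold is reached
}

export type ApproveResult = "pending" | "timelock started" | "already executable";

function norm(a: Address): Address {
  return a.toLowerCase() as Address;
}

export class RecoverableAccount {
  owner: Address;
  readonly guardians: Set<Address>;
  readonly threshold: number;
  pending?: RecoveryRequest;

  constructor(owner: Address, guardians: Address[], threshold: number) {
    const set = new Set(guardians.map(norm));
    if (threshold < 1 || threshold > set.size) {
      throw new Error("threshold must be between 1 and the number of distinct guardians");
    }
    if (set.has(norm(owner))) throw new Error("owner cannot be its own guardian");
    this.owner = norm(owner);
    this.guardians = set;
    this.threshold = threshold;
  }

  /**
   * A guardian votes for a new owner. Votes for a different candidate replace
   * the pending request (candidates are never mixed), and the timelock starts
   * only when the threshold is reached.
   */
  approveRecovery(guardian: Address, newOwner: Address, now: number): ApproveResult {
    const g = norm(guardian);
    if (!this.guardians.has(g)) throw new Error("not a guardian");
    const candidate = norm(newOwner);
    if (candidate === this.owner) throw new Error("candidate is already the owner");
    if (!this.pending || this.pending.newOwner !== candidate) {
      this.pending = { newOwner: candidate, approvals: new Set() };
    }
    if (this.pending.executableAt !== undefined) return "already executable";
    this.pending.approvals.add(g);
    if (this.pending.approvals.size >= this.threshold) {
      this.pending.executableAt = now + RECOVERY_DELAY_SECONDS;
      return "timelock started";
    }
    return "pending";
  }

  /** Anyone may execute once the timelock has elapsed; returns the new owner or null. */
  executeRecovery(now: number): Address | null {
    const req = this.pending;
    if (!req || req.executableAt === undefined || now < req.executableAt) return null;
    this.owner = req.newOwner;
    this.pending = undefined;
    return this.owner;
  }

  /** The current owner (who still holds the key) can veto during the timelock. */
  cancelRecovery(caller: Address): boolean {
    if (norm(caller) !== this.owner || !this.pending) return false;
    this.pending = undefined;
    return true;
  }
}

// Constructed sample: one owner, three guardians, threshold 2-of-3.
export const OWNER: Address = ("0x" + "01".repeat(20)) as Address;
export const NEW_OWNER: Address = ("0x" + "02".repeat(20)) as Address;
export const G1: Address = ("0x" + "a1".repeat(20)) as Address;
export const G2: Address = ("0x" + "a2".repeat(20)) as Address;
export const G3: Address = ("0x" + "a3".repeat(20)) as Address;

export function sampleAccount(): RecoverableAccount {
  return new RecoverableAccount(OWNER, [G1, G2, G3], 2);
}
```

The veto is the detection-and-mitigation hook: a wallet should push a notification to the user the moment `approveRecovery` returns "timelock started", because the 48h window is exactly the time they have to call `cancelRecovery` if the request is not theirs.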
**Case study.** DeFi mobile wallet: Smart Account based on LightAccount v1.1, bundler from Alchemy, Paymaster sponsors the first 10 transactions for new users. Signing via the Secure Enclave (iOS) and Android Keystore. Onboarding without a seed phrase: the user creates an account via Apple Sign In → an ECDSA keypair is generated in the Secure Enclave → the smart account address is computed via getCounterFactualAddress → on the first deposit the account is deployed via initCode in the UserOperation. The user never sees a private key or seed phrase. DApp connection via WalletConnect v2 (Sign API); the wallet signs EIP-712 messages.
## Complexities and Non-Obvious Points

**Frontrunning UserOperations.** The ERC-4337 mempool is public: bundlers see UserOperations before they are packed. For confidential operations use a private bundler (Flashbots, MEV Blocker) or a paymaster with encrypted data.

**Multi-chain.** EntryPoint v0.6 and v0.7 are different contracts at different addresses, and which version is supported differs per network. The wallet must support both. SmartAccountClient from @alchemy/aa-core abstracts this, but the per-network config is separate.

**Gas estimation on Optimism/Base.** The L2 gas model differs: an L1 data fee is added on top of the L2 gas. eth_estimateUserOperationGas from the bundler accounts for this, but verify separately on each network.

## Timeline
| Scale | Estimated Timeline |
|---|---|
| Basic ERC-4337 wallet, gasless, biometric | 10–16 weeks |
| Wallet with session keys and social recovery | 5–8 months |
| DeFi platform with multi-chain support | 8–14 months |
Cost is calculated individually after analyzing the smart contract requirements, supported networks, and onboarding UX flow.